Network World has an interesting article here. http://www.networkworld.com/columnists/2009/011209insider.html?fsrc=rss-security
It is a little short on detail but it does highlight the main two employee risks to an organisation.
I do have to take issue with their assertion that Administrators steal information. It is true that Administrators are afforded more opportunity to steal information through the increased access they are afforded. This does not mean that administrators pose the greatest risk. I have received, on more than one occasion, sales calls from one salesman who had switched employers (and obviously taken his contact list with him) I have also known of people involved with Research and Development taking proprietary infomration with them on their departure from their organisation. It is not uncommon for software developers to take large amounts of code with them. In the examples I cite, there may be a defence that the information taken was the result of the hard work of the employee that is taking the information but in the case of the Administrator it is not. That may well be true, but the personnel in question were employed and paid to perform that role therefore the company owns that information, not the individual.
How does this happen? Often, there is no policy to prevent it happening - if the staff are not told that they should not take information, why wouldn't they? I'm sure that applies to the sales team more than the R&D or the developers but it should apply across the board.
Companies are generally bad at detecting egress of data from their systems. The overhead associated can be a burden but as part of a comprehensive monitoring programme, it should not be so.